
框架漏洞

467010279@qq.com 6 days ago
parent
commit
9dbb475784
  1. 2
      ruoyi-admin/src/main/resources/application.yml
  2. 10
      ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
  3. 6
      ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/UserDetailsServiceImpl.java

2
ruoyi-admin/src/main/resources/application.yml

@ -119,7 +119,7 @@ pagehelper:
# Swagger配置 # Swagger配置
swagger: swagger:
# 是否开启swagger # 是否开启swagger
enabled: true enabled: false
# 请求前缀 # 请求前缀
pathMapping: /dev-api pathMapping: /dev-api
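Review bot: Flipping `enabled: false` in the shared `application.yml` switches the Swagger UI and api-docs off for every profile, including local development, rather than only where exposure is the concern. If profile-specific files are in use in this project, a safer shape is to keep `enabled: false` here as the hardened default and override it with `enabled: true` only in the dev profile, so the hardening cannot be undone by a later "just turn it back on" edit to the shared file. Either way the intent deserves a comment next to the key, e.g. `# disabled by default: API docs must not be exposed in production; enable per profile for dev`. Note also that `pathMapping: /dev-api` is still read when the flag is re-enabled, so the SecurityConfig matchers for the swagger paths need to be revisited together with any future re-enable.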

10
ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@ -107,11 +107,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
"/**/*.js", "/**/*.js",
"/profile/**" "/profile/**"
).permitAll() ).permitAll()
.antMatchers("/swagger-ui.html").anonymous() // .antMatchers("/swagger-ui.html").anonymous()
.antMatchers("/swagger-resources/**").anonymous() // .antMatchers("/swagger-resources/**").anonymous()
.antMatchers("/webjars/**").anonymous() // .antMatchers("/webjars/**").anonymous()
.antMatchers("/*/api-docs").anonymous() // .antMatchers("/*/api-docs").anonymous()
.antMatchers("/druid/**").anonymous() // .antMatchers("/druid/**").anonymous()
.antMatchers("/api/**").anonymous() .antMatchers("/api/**").anonymous()
// 除上面外的所有请求全部需要鉴权认证 // 除上面外的所有请求全部需要鉴权认证
.anyRequest().authenticated() .anyRequest().authenticated()
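Review bot: The five swagger/druid matchers are kept as commented-out code on the new side instead of being deleted; dead rules in an authorization chain are an invitation to uncomment them later without review, and the commit history already preserves them, so the five `// .antMatchers(...)` lines should be removed outright. The surviving `.antMatchers("/api/**").anonymous()` is a broad unauthenticated wildcard that this hardening commit does not touch — confirm that every controller mapped under `/api/` is meant to be reachable without a token, and add a comment stating that, since `anonymous()` (unlike `permitAll()`) also rejects requests that carry a valid authentication, which is easy to misread. The `configure` method holding this chain starts and ends outside the hunk, so I cannot see whether other permissive matchers precede `"/profile/**"`.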

6
ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/UserDetailsServiceImpl.java

@ -37,17 +37,17 @@ public class UserDetailsServiceImpl implements UserDetailsService
if (StringUtils.isNull(user)) if (StringUtils.isNull(user))
{ {
log.info("登录用户:{} 不存在.", username); log.info("登录用户:{} 不存在.", username);
throw new ServiceException("登录用户:" + username + " 不存在"); throw new ServiceException("用户名或密码错误");
} }
else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) else if (UserStatus.DELETED.getCode().equals(user.getDelFlag()))
{ {
log.info("登录用户:{} 已被删除.", username); log.info("登录用户:{} 已被删除.", username);
throw new ServiceException("对不起,您的账号:" + username + " 已被删除"); throw new ServiceException("用户名或密码错误");
} }
else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) else if (UserStatus.DISABLE.getCode().equals(user.getStatus()))
{ {
log.info("登录用户:{} 已被停用.", username); log.info("登录用户:{} 已被停用.", username);
throw new ServiceException("对不起,您的账号:" + username + " 已停用"); throw new ServiceException("用户名或密码错误");
} }
return createLoginUser(user); return createLoginUser(user);
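Review bot: The nonexistent-user branch still returns before any password hash is compared, so response latency remains a usable username-enumeration signal even though all three branches now report `用户名或密码错误`. Spring Security's `DaoAuthenticationProvider` only applies its timing mitigation when `loadUserByUsername` throws `UsernameNotFoundException`; a `ServiceException` thrown here very likely bypasses that and may also surface differently to the caller — consider `throw new UsernameNotFoundException("用户名或密码错误");` for the null case (or otherwise ensure a dummy hash comparison runs on the failure path). Keeping the distinct reasons in the `log.info` lines is fine since they are server-side only, but a short comment above the first `throw`, e.g. `// identical message for all failures: do not reveal whether the account exists, is deleted or is disabled`, would stop a future edit from reintroducing the specific texts. The `loadUserByUsername` method begins before the hunk.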
